> On 11 Jun 2016, at 15:02, abi <a...@abinet.ru> wrote:
> 
> Most of the work is done by the host, so the plan is to disable some of the 
> periodic stuff, leaving only serious matters like port security.
> 
> This can be done by creating an /etc/periodic.conf.local file with contents 
> like this:
> ## This is JAILED systems periodic configuration ##
> 
> # Daily options
> 
> daily_status_network_enable="NO"
> daily_clean_hoststat_enable="NO"
> daily_status_mail_rejects_enable="NO"
> daily_status_include_submit_mailq="NO"
> daily_status_mailq_enable="NO"
> daily_submit_queuerun="NO"
> daily_status_disks_enable="NO"                          # Check disk status
> daily_status_rwho_enable="NO"
> daily_status_security_pkgaudit_enable="YES"
> daily_pgsql_backup_enable="YES"
> 
> daily_show_empty_output="NO"
> daily_show_success="NO"
> 
> security_status_kernelmsg_enable="NO"
> 
> security_show_empty_output="NO"
> security_show_success="NO"
> 
> # Weekly options
> 
> weekly_whatis_enable="NO"       # our jails are read-only /usr
> 
> weekly_show_success="NO"
> weekly_show_info="NO"
> weekly_show_empty_output="NO"
> 
> With this config file, most of the time the jail has nothing to report.

You can also install ports-mgmt/jailaudit on the host to audit packages in all 
jails and get the result in the host's security output (afaik this way 
individual jails won't have to fetch the audit database).

- m

_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
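
When periodic output is trimmed as in the quoted configuration, it helps to see which security-related checks ended up switched off. The script below is an added example, not part of the thread; it assumes security checks follow the security_*_enable or *_security_*_enable naming seen in the quoted settings, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): list security-related periodic
# knobs that a periodic.conf-style file switches off.
# Assumption: security checks are named security_*_enable or
# *_security_*_enable, as the names quoted in the thread are.

disabled_security_knobs() {
    # $1: path to a file of sh-style NAME="VALUE" assignments
    awk '
        { sub(/#.*/, "") }                        # strip trailing comments
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            eq   = index($0, "=")
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val  = substr($0, eq + 1);    gsub(/[" \t]/, "", val)
            if (name !~ /^security_.*_enable$/ &&
                name !~ /_security_.*_enable$/) next
            if (!(name in state)) order[++n] = name
            state[name] = toupper(val)            # last assignment wins
        }
        END {
            for (i = 1; i <= n; i++)
                if (state[order[i]] == "NO") print order[i]
        }
    ' "$1"
}

write_sample_conf() {
    # Constructed sample: a subset of the settings quoted in the thread.
    cat > "$1" <<'EOF'
daily_status_network_enable="NO"
daily_status_disks_enable="NO"        # Check disk status
daily_status_security_pkgaudit_enable="YES"
security_status_kernelmsg_enable="NO"
security_show_success="NO"
weekly_whatis_enable="NO"
EOF
}

sample=$(mktemp "${TMPDIR:-/tmp}/periodic.XXXXXX")
write_sample_conf "$sample"
disabled_security_knobs "$sample"
rm -f "$sample"
```

Run against a jail's /etc/periodic.conf.local, each name printed is a security check that jail no longer runs and that should be covered elsewhere, for example by the host.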
